PART I

INTRODUCTION

INTRODUCTION TO PART1

This parl consists of two chapters, presenting a general introduction to the thesis and a brief review of risk assessment methodologies. Of these, Chapter 2 is a pre-print of our paper, Techniques and methodologies for risk analysis in chemical process industries due to appear in Journal of Loss Prevention in Process industries.

Chapter 1

GENERAL INTRODUCTION AND LEAD-UP TO THE PRESENT WORK

The history of chemical process industries is replete with major accidents. Such accidents have had catastrophic implications, causing massive losses of property, human lives, and environmental quality. The reverberations of the worst such disaster which happened in Bhopal in 1984, are being still felt even though over a decade has passed. Even as Bhopal gas tragedy was catastrophic in its dimensions--leading to a death toll that is by far the worst ever in the history of industrial accidents -- it is by no means an isolated instance. Indeed several serious industrial accidents have taken place before and after Bhopal gas tragedy in lndia as well as abroad. Indeed, in lndia itself such accidents keep occurring with frightening regularity. Indeed the biggest industrial accident of the 1990s -the 'HPCL Disastei (also known as 'The Vishakhapatnam Disaster') has also occurred in lndia on 14 September 1997 at the HPCL (Hindustan Petroleum Corporation Limited) refinery near the city of Vishakhapatnam, India. It brought into sharp focus the destructive potential of domino effect vis a vis industrial accidents. It was this effect (also variously called 'cascading effect' or 'chain of accidents') which was responsible for a single failure in the HPCL refinery with limited damage potential to escalate into a series of major accidents, eventually claiming over 60 lives, causing damage to property worth over Rs.600 million ($ 20 million), and terrorising a sprawling city of over 2 million inhabitants (The Hindu, 1997; Subramanian, 1997) The death toll which eventually crossed 60 would have been higher had the fire started half-an-hour later than it did, when the first shift staff would have come in to relieve the night shift. And Sunday being a holiday, the administrative personnel, who number over 200, were saved as they were not on duty (The Hindu,1997; Subrarnanian, 1997).

The compulsions of increasing population and developmental needs keep putting ever increasing pressure on available land space. Even those industries which were earlier set up in remote areas away from human dwellings now find themselves being enveloped by residential colonies. The risk posed by industrial accidents is thus increasing even in situations where the quantities of the hazardous materials being handled, or the manner in which they were being handled, remains the same as before. Unlike the normal release of gaseous, liquid, or solid wastes from industrial process which take place slowly and are controllable accidental toxic releases, explosions, or fires occur all of a sudden leaving no chance for impacted people to escape, let alone control the accident. In order to prevent or at least reduce the frequency of occurrence of such accidents, major efforts are needed towards raising the safety level, hazard management and emergency prepareGness. This realisation and the increased public awareness towards this issue, has prompted techniques development of new process to carry out risk assessment (RA) and safety evaluation of chemical process industries, singly or in combinations (as they exist in chemical complexes). Over the last few years, several methodologies have been developed for qualitative as well as quantitative risk assessment in chemical process industries. These methodologies (reviewed in Chapter 2) have served very useful purpose. Yet there is significant scope of advancement in terms of the following:-

Reduction in experts' time and computational costs Techniques such as hazard and operability problem (HAZOP), failure mode effect analysis (FMEA), checklist, and probabilistic risk assessment (PRA) need huge resource inputs in terms of expert-time and computational costs. Moreover the results obtained by these techniques are largely qualitative in nature. Increase in the accuracy and precision of the forecasts a) Quantitative techniques such as consequence analysis, indices, detailed maximum credible accident analysis (MCAA), and quantitative risk assessment (QRA) can be made more accurate and realistic; further the accident scenarios generated by them can be made more precise and sophisticated. Most of the techniques ignore site characteristics; this mar the effectiveness and applicability of the forecasts to some extent. Techniques such as frequency prediction, PRA, and fault tree analysis (FTA) demand highly accurate and precise data of the components; getting such highly reliable data is difficult and even a small inaccuracy in the data may lead to great inaccuracy in the results.

b) c)

Increasing the gamut of RA study The existing RA techniques either do not account for, or not very strong in, handling phenomsna such as the effects of heavy gas dispersion, effect of surrounding industries on dominolcascade effects, improper safety management, and lack of adequate emergency planning.

Improving the reliability o f rapid risk assessment The existing rapid risk assessment techniques such as indices and MCAA have limitations in terms of identification and assessment of hazards relating to types of operations, states of processes, process conditions and site characteristics.
THE PRESENT WORK

We have made a few humble efforts towards introducing improvements in the various RA techniques and methodologies. We have also developed software packages aimed at user-friendliness, swiftness, larger coverage, and sophistication in risk analysis. Attempts have been made towards Developing a more reliable indexing technique for hazard identification and ranking in process industries.
a

Developing a combination of techniques for qualitative hazard assessment and ~robabilistic hazard assessment. The techniaues have been Packaged as . ~OPHAZOP PROFAT. and Developing better tools for quantitative risk assessment based on more precise and accurate forecasting of the nature and impacts of accidents. These efforts have resulted in software MOSEC and HAZDIG. These have also led us to develop a new model based on modification in plume path theory for studying the dispersion of heavy gases and evolving damage control strategies when such gases are released in large quantities.

Developing methodology for rapid risk assessment. This methodology has been coded in software package MAXCRED. Developing a conceptual model for the simulation of chain of accidents (dominolcascading effects) and forecasting their consequences. A software package DOMIFFECT has been developed over this. Developing application of risk analysis during design stage to make plants inherently safer.

The applicability of the methodologies and the software packages has been tested with real-life case studies. CONTENTS OF THE PhD THESIS The contents of the PhD thesis are summarised in Figure 1. We hope that the thesis which presents a multi-module system of methodologies and software packages wou\d contribute some new knowledge to the subject and would stimulate further work in the area of risk assessment.
REFERENCES
1.
2.

The Hindu, (1997). Major fire in Visag refinery, The Hindu Publications, September 15, 1, Chennai. Subramanian, T S,(1997). Close call. The Hindu Publications. October 17,41-43, Chennai.

Content of thesis

Genonl Inlrgdudbn and

Inlrodudon

R*YIw 01 b m d q w r

Part Ill QusnUbUve m m o d r of risk asses~nmnbl

Canleauanca analyslt

Tho p d a p MOSEC
Y

Pan IV Quanlmwe malhodr of risk ~ssessmnt.l1

Rapld risk ~ss~esm*nt

T k padraw MAXCRED

ApplimWn of MAXCRED

Plrl v Ouanl~u~e rnslhodr olnsk asse6smnl-111

ProbablDsUc risk
a~$essmnl

The packap PROFAT

l-l

l of

L f

Mcdols lor domino oRed

I!
-

Rnklnp

A new m m o d o t w WI

Panvlll bpl#-LK)n 01 risk analp15 In W M design

n w rnsmcddo~ HlRA

Inhemnl ula aasm

Pgwndlwa

I
Figure 1. The struckure of the thesis

0th.r p a p r r publlshw

abwh

Chapter 2

TECHNIQUES AND METHODOLOGIES FOR RISK ANALYSIS IN CHEMICAL PROCESS INDUSTRIES'

This paper presents a state-of-art-review of the available techniques and methodologies for carrying out risk analysis in chemical process industries. It also presents a set of methodologies developed by the authors to conduct risk analysis effectively and optimally.
Key words: Risk assessment, hazard assessment, quantitative risk assessment, industrial hazard assessment, process safety assessment

INTRODUCTION
Chemical process industries often involve reactors, conduits and storage vessels in which hazardous substances are handled at elevated temperatures andlor pressures. Accidents in such units caused either by material failure (such as crack in the storage vessels), operational mistakes (such as raising the pressures temperaturelflow-rate beyond critical limits), or external perturbation (such as damage caused by a projectile) can have serious often catastrophic consequences. The most gruesome example of such an accident is the Bhopal Gas Tragedy of 1984 which killed or maimed over 20,000 persons but there have been numerous other accidents (Flixborough-1974, Basel-1986, Antwerp-1987, Pasadena-1989, Panipat-1993, Mumbai-1995, and Vishakhapatnam-1997) in which the death toll would have been as high as in Bhopal if the areas where the accidents took place were not less densely populated(Less, 1996; Marshall, 1987).

Along with the rapid growth of industrialisation and population the risk posed by
' Accepted for publication in Journal ofLoss Prevention in Process Industries, UK (kindly see page Al).

probable accidents also 'mntinues to rise. This is particularly so in the third world where population densities are very high and industrial areas which are surrounded by dense clusters of neighbourhoods. Further it is common to find 'industrial areas' or 'industrial complexes' where groups of industries are situated in close proximity to one another. The growth in the number of such industrial areas and in the number of industries contained in each of the areas gives rise to increasing probabilities of 'chain of accidents' or cascadingldomino effects wherein an accident in one industry may cause another accident in a neighbouring industry which in turn may trigger another accident and so on. Some of the past experience like Mexico-1984. Antwerp-1987, Pasadena-1989 and recently Vishakhapatnam-1997 are examples of such disasters(Hindu, 1997). In order to prevent or at least reduce the frequency of occurrence of such accidents major efforts are needed towards raising the level safety, hazard management and emergency preparedness. This realisation and the increased public awareness towards this issue, has prompted techniques development of new process to carry out risk assessment and safety evaluation of chemical process industries, singly or in combinations (as they exist in chemical complexes).

The resulting science of risk assessment, which has emerged in recent years with ever increasing importance being attached to it, deals with the following key aspects of accidents in chemical process industries a) b) Development of techniques and tools to forecast accidents. Development of techniques and tools to analyse consequences of likely accidents. Such consequence analysis fulfils two objectives:-

it helps in sitting of industries and management of sites so as to minimise the damage if accident does occur; it provides feedback for other exercises in accident forecasting and disaster management;

c)

Development of managerial strategies for 'emergency preparedness' and 'damage minimisation'.

RlSK ASSESSMENT The terms hazard and risk are sometimes used interchangeably by the processlenvironrnental engineer or safety personnel. However, hazard relates to the source of harm, while risk is the probability of the harm being experienced(Lees, 1996; Greenberg and Crarner, 1991). In the authors' opinion risk may be defined as a combination of hazard and probability of hazard occurrence, where hazard is defined as the degree of h a m to the human beings, property, society or environment. In this context risk analysis can be defined as an exercise, which includes both qualitative and quantitative determination of risk and its multidimensional impacts. TECHNQUES AND METHODOLOGIES FOR RlSK ASSESSMENT Several techniques and methodologies have been proposed from 1970 onwards for risk and safety study. A brief review of the important ones is presented here;

Checklist
Checklist represents the simplest method used foi hazard identification (Balemans, 1974;

Rose et a/., 1978; Hessian and Rubin, 1991; Oyeleye and Kramer. 1988). A checklist is a list of questions about plant organisation, operation, maintenance and other areas of concern to verify that various requirements have been fulfilled and nothing is neglected or overlooked. Checklist is primarily based on the prepares' prior experience, but it can also be based on codes and standards(Hess1an and Rubin, 1991; Oyeleye and Kramer, 1988).. The checklist has to be maintained during the life of project and should be updated after each modification, and after every major outage when equipment is replaced or modified substantially. Although checklist development requires trained and experienced personnel, even relatively untrained personnel can use it effectively. The main limitations of this methodology are:

it takes long time to develop a checklist but it yields only qualitative results, with no insights into the system. It merely provides the status of each item in terms of 'Yes' or 'No'. a checklist can focus only on a single item at a time, so it can't identify hazards as a result of interaction among different units or components (equipment). it is only as good as the ability and prior experience of the person preparing it. There is always a significant probability of some critical item being neglected. it is unable to identify hazard due to the type of unit operation (reaction, heat transfer, storage etc.), severity of operating conditions (temperature, pressure), and any mis-operation (leak or excess heat generation etc.).

+
+
+

Due to above mentioned drawbacks this technique is not recommended for detailed risk analysis. However, it continues to be used(Eiey, 1992; Ozog and Stickles, 1991).

HAZOP
HAZOP is a simple yet structured methodology for hazard identification and assessment(lCI, 1974; Lawley, 1974; CIA, 1977; Knowlton, 1976; ILO, 1988; Kletz, 1983,1985; Freeman, 1991; Sherrod and Early, 1991; Venkatasubramanian and Vaidyanathan, 1994; Medermid et a/. 1995). It had been developed at Imperial Chemical Industries (ICI) in 1974 and later went through several modifications(lCi, 1974; Kletz, 1985; Andow et al., 1980; Knowlton, 1982,1989; McKelvey, 1988: Montague, 1990). The basic principle of a HAZOP study is that normal and standard conditions are safe, and hazards occur only when there is a deviation from normal conditions. It is a procedure that allows its user to make intelligent geniuses in the identification of hazard and operability problems. In a typical HAZOP study, design and operation documents (PI&D's, PFD, material flow diagrams, and operating manuals) are examined systematically by a group of experts. Abnormal causes and adverse consequences for all possible deviations from normal operation that could arise are identified for each unit of plant. HAZOP is considered by a multi-disciplinary team of experts who have extensive knowledge of design, operation and maintenance of the process plant. To cover all the possible malfunctions in the plant the imagination of the HAZOP team members is guided systematically with a set of guide words for generating the process variable deviations. A list of guide words and their definitions is given in Table 1. The salient features of HAZOP study are:

Table 1 Guide words and their physical significance .

Guide Word None Less

Meaning

Parameter

Deviation

Negation intention Quantitative decrease

Flow Level Flow Level Temperature Pressure Concentration Flow Level Temperature Pressure Concentration Flow Pressure Concentration Flow Level Concentration of impurity Temperature of substance Level of impurity Pressure of substance Flow of impurity Concentration of desired substance Level of desired substance Flow of desired substance

No flow Zero level Low Low Low Low Low flow rate level temperature pressure concentration flow rate level temperature pressure concentration

More

Quantitative increase

High High High High High

Reverse Part of

Logical opposite Qualitative decrease

Reverse flow rate Reverse pressure Concentration decrease Flow decrease Level decrease Concentration increase Temperature increase Level increase Pressure increase Flow increases Concentration zero Level zero Flow rate zero

As

As Well- Qualitative increase

Other Than

Complete substation

+
+

it gives an idea of priorities basis for detailed risk analysis, it provides first hand information of the potential hazards, their causes, and consequences, it indicates some ways to mitigate the hazards, it can be performed at the design stage as well as operational stage, it provides a basis for subsequent steps in the total risk management program.

+ + +

A number of applications of HAZOP in Chemical process industries (PI) have been reported in literature; Freeman eta/. (1992), Sweeney (1993), Pully (1993), Kolodji (1993) Shafagi and Cook (1988) , Mulvihill (1988) , Parmer and Lees (1987) , Piccinini and Levy (1984), etc. in its original, and thus far widely used form, HAZOP has some limitations; these iimitations are of two kinds. The first kind arises from the assumptions underlying the method and is a limitation (perhaps intended) of scope. The method assumes that the design has been carried out in accordance with the appropriate codes. For example, it is presupposed that the design is appropriate for the requirements of normal operating conditions, as HAZOP only tries to identify deviations from these supposedly ideal situations. The other kind of limitation is one which is neither intended, nor desirable, but is inherent in the method. For example HAZOP is not, inherently well-suited to deal with spatial features associated with plant layout and their resultant effects. Furthermore HAZOP needs large inputs of time and expert manpower. As the efficiency and accuracy of study is fully dependent on the experience and sincerity of the expert team members, any lacunae in manpower selection or performance can seriously harm the success of any HAZOP. McKelvey (1989), Montague (1990), Mulvihill (1988), and Khan and Abbasi (1997a) have made suggestions to increase the effectiveness and reliability of HAZOP. According to them the duration of the study can be reduced drastically using automated systems to study the commonly occurring equipment. This may reduce the work load of team members and increase the efficiency and reliability of the study lnspite of its limitations HAZOP remains the most favoured technique for hazard identification and assessment. Fault tree analysis (FTA) Fault tree(FTA) is an analytical tool that uses deductive reasoning to determine the occurrence of a n undesired event analysis(Parmer and Lees, 1987; Lapp and Powers. 1976, 1979; Hauptmanns, 1988). FTA, along with component failure data and human reliability data, can enable determination of the frequency of occurrence of an accidental event. FTA was developed in 1960's by Bell Laboratories ddring the Polaris missile project. initially it was applied in the aerospace industry. Later its use was extended to nuclear and chemical industries(Less, 1996; Greenberg and Cramer, 1991; Lapp and Powers, 1979; CCPS, 1989; Rauzy, 1993; Cummings et al., 1983; Hauptmanns and Yllera, 1983; Ulerich

et a/., 1988; Guymer et el., 1987). FTA yields both qualitative as well as quantitative information.

FTA has the following advantages. 1) it directs the analyst to ferret out failures deductively; 2) it points out the aspects of the system which are relevant to an understanding of the mechanism of likely failure; 3) it provides a graphical aid enabling those responsible for system management to visualise the hazard; such persons are otherwise not associated with system design changes;
4)

providing avenues for system reliability analysis (qualitative , quantitative); allowing the analyst to concentrate on one particular system failure at a time;

5) 6) providing the analyst with genuine insights into system behaviour. Yllera (1988) and Lai, et a/., (1986) have drawn attention to the difficulties associated
with FTA. According to them FTA is a sophisticated form of reliability assessment and requires considerable time and effort by skilled analysts. Although it is the best tool available for a comprehensive analysis, it is not foolproof and, in particular, it itself does not does assure of detection of all failures, especially common cause failures. The accuracy of prediction is limited and depends upon the reliability and failure data of components of the fault tree. In many real-world applications, it may be difficult to assign exact values to the probabilities of occurrence of the fundamental events. This problem is likely to arise in dynamically changing environments or in systems in which accidents occur so frequently that reasonable failure data are not available. In the absence of genuine probability data, estimates of failure probabilities are customarily supplied by personnel familiar with the operation of the system. Usually they prefer to express their knowledge in general terms and find it extremely difficult to specify the exact numerical values that are required in conventional fault tree analysis. To cope with this problem associated with the assignment of exact numerical values to failure probabilities, modifications have been suggested by Lai et a/., (1986), and Rauzy (1993), and Camarinopoulous (1985) to dilute FTA's dependency on reliability data and cut short the time of analysis using Fuzzy mathematics. Lapp and power (1976,1979),, Lapp (1991) and Bossche (1991) have proposed algorithms for computer aided fault tree design and analysis, which seems to be useful. Failure mode effect analysis (FMEA) FMEA is an examination of individual component such as pumps, vessels, valves, etc, to identify the likely failures which could have undesired effects on system operation( Lees, 1996; Greenberg and Cramer, 1991; Khan and Abbasi, 1995; MIL, 1977; Henevely and Kumanoto, 1981; Klaassen and Van Pepper, 1989; O'Mara, 1991). FMEA involves following steps: 1) identification of each failure mode, of the sequence of events associated with it, its causes and effects;

2)

classification of each failure mode by relevant characteristics, including deductibility, diagnosabllity, testability, item replaceability, and compensating and operating provisions. system structure; system intimation, operation, control and maintenance; system environment; system modelling; system software; system boundary; system functional structure; system functional structure representation; block diagrams; and

Typical information required for an FMEA includes : a) b) c) d) e)

9
g) h) i)

failure significance and compensating provisions. j) FMEA is a qualitative inductive method and is easy to apply. FMEA is assisted by the preparation of a list of the expected failure modes in the light of ( I ) the use of the system, (2) the elements involved, (3) the mode of operation, (4) the operation specification, (5) the time constraints and (6) the environment. FMEA is an efficient method of analysing elements which can cause failure of the whole, or of a large part, of a system. It works best where the failure logic is essentially a serial one. It is much less suitable where complex logic is required to describe system failure(Lees, 1996; Klaassen and Van Pepper, 1989). in essence FMEA is an inductive method. FTA serves as complementary deductive method to FMEA and is needed where analysis of complex failure logic is required. FMEA is good for generating the failure data and information at component level(Henevely and Kumanoto, 1981; Klaassen and Van Pepper, 1989). It has been recommended for use as a hazard identification technique mainly to the systems dealing with lowlmoderateiy hazardous operations and the ones which cannot support expensive and time taking HAZOP study(AICHE, 1985). It has been stated that FMEA can be a laborious and inefficient process unless judiciously applied. FMEA is unable to deal with the interaction among different components and needs highly expert team with sufficient experience and time to carry out the study. More seriously, FMEA is restricted up to component level, while actual hazard may start at sub-component level (failure of transmission line, failure of temperature transducer, failure of controller etc.). What-If analysis The What if method involves asking a series of questions beginning with what if as a means of identifying hazards(CCPS, 1989; IChemE; Zoller and Esping, 1993). Apart from checklists, What if analysis is possibly the oldest method of hazard identification and is still

popular(AIChE, 1985; Buck, 1992; Kavianian et a/., 1992). What if analysis is performed with questions such as: What if the pipe leaks? What if the flow controller fails? The questions need not necessarily start with What if; other phrases may also be used. The method essentially involves a review of the entire design by a team using questions of this type, often using a checklist. The advantages of this technique are; I) II) Ill) 1)
2)

no specialised technique or computational tool is required, once the questions have been developed they can be used throughout the life of the project with slight modifications, provide a simple tabular summary. it requires a team of experts to perform the study; it thus has disadvantages (in terms of expert available and costs) similar to HAZOP. the heavy reliance on the experience and intuition of the study team both to develop questions imaginatively and to get the answer implies that any lacunae in this aspect of the study can render the study totally useless (worse still misleading). gives only qualitative results with no numerical prioritisation

The major disadvantages are :

3) it is not as systematic as HAZOP, and FMEA,

4)

Due to these disadvantages what if analysis is considered inferior to HAZOP and FTA. CCPS (1989), AlChE (1985) and lChEM have recommended this technique only when other two - HAZOP and FMEA are not applicable or the cost of study is the main consideration. Hazard indices A number of indices have been developed to provide measures of hazards in different context. These include the Dow Index, the Mond lndex and the IFAL Index. Dow lndex It is by far the most widely used of hazard indices. It was developed by Dow Chemical Company for fire and explosion hazards. The Dow Guide, describing the Dow index, was originally published in 1964 and has gone through seven editions(Dow chemical company, 1964,1994a: Scheffler, 1994). In the first three editions the methods of determining the index values were developed and ' refined. In the fourth edition a simplified version of the index was described and NO new features were introduced: the maximum probable property damage (MPPD) and a toxicity index. The fifth edition described a new framework for making the risk evaluation. It also included improvements in the method of calculating the index and several other new features loss control credits and maximum probable days outage. In the sixth edition, a

risk analysis package, including business interruption and a toxicity penalty to reflect emergency responses, was introduced. The seventh edition up-dates the sixth edition with respect to codes and good practice, but includes no major conceptual changes. The overall structure of the methodology is shown in Figure 1. The procedure is to calculate the fire and explosion index (F&EI) and to use this to determine fire protection measures and, in combination with a damage factor, to derive the base MPPD. This is then used, in combination with the loss control credits, to determine the actual MPPD, the maximum probable days outage (MPDO) and the business interruption (81) loss(AIChE, 1994). Mond index The Mond fire, explosion and toxicity index is an extension of the Dow Index. This index was developed at the Mond Division of ICI. The original version was described by Lewis (1979). Other accounts have been given by Tyler (1982) and Tyler et a/., (1994). The Mond method involves making an initial assessment of hazard in a manner similar to that used in the Dow index, but taking into account additional hazard considerations. The potential hazard is expressed in terms of the initial value of a set of indices for fire, explosion and toxicity. These include: a) b) c) d) e) fire load index, unit toxicity index, major toxicity incident index, explosion index, aerial explosion index, overall index, and overall risk rating.

f)
g)

IFAL index

The instantaneous fractional annual loss (IFAL) index was developed by the Insurance Technical Bureau (1981), U K, in 1981 primarily for insurance assessment purposes(Singh and Munday, 1979; Whitehouse, 1985). Procedure for the calculation of the index is described in the IFAL Factor workbook (1981) (Insurance Technical Bureau, 1981). It involves considering the plant as set of blocks and examining each major item of process equipment in turn to assess its contribution to the index. The main hazards considered in the index are a) pool fires, vapour fires, unconfined vapour cloud explosions, confined vapour cloud explosions, internal explosions.

b)
c) d) e)

In contrast to the Dow and Mond Indices, the IFAL index is too complex for manual calculation and needs a computer.

process unit

Calculate F1 general process hazards

special process hazards factor

factor F3 = Fl'F2
1

4
Determine F&El F&EI = FB'Material factor

Calculate loss control credit factor = CI*C2*C3

4
Determine area of exposure

4
Determine replacement value in exposure area

4
Determine base MPPD

v
Determine damage factor

4-1

4
Determine actual MPPD Determine MPDO

77
Determine BI

Figure 1. Procedure for calculating the Dow Fire and Explosion Index and other quantities (Lees, 1996)

PROPOSED SCHEMES OF RISK VARIOUS TECHNIQUES WHO

ASSESSMENT BASED ON COMBlNATlON OF

World Health Organisation (WHO) and International Labour Office (ILO) have jointly proposed a scheme for conducting hazard assessment(1984). The scheme consist of three-steps procedure (Figure 2). As most of the constituent techniques are quantitative in nature this procedure is not as amenable to quantification as some other procedures described below are. ISGRA This scheme, authored by International Study Group on Risk Analysis(iSGRA. 1985) , comprises of three steps 1) hazard identification, 2) consequence analysis, and 3) quantification of risk. The hazard identification step identifies and assesses hazards based on the chemical properties, capacity, and deviation in operating parameters. HAZOP, FMEA, and FTNETA have been recommended for this step. The consequence analysis step is to estimate the damage potential using standard mathematical expressions. The last step quantification of risk is based on the frequency of occurrence of an accident and its damage consequences. The frequency of occurrence is estimated based on the past history of similar accidents.

The use of this scheme, unless helshe is very well-versed with the techniques and tools of risk assessment, may be misled into by passing causes of hazards and frequency of their occurrence. These being crucial inputs for any risk assessment study, may lead to wrong conclusions. Maximum Credible Accident Analysis (MCAA) MCAA is an approach to forecast the damage likely to be caused if an accident takes place in a chemical plant(AIChE, 1985; API, 1992; Mallikarjunan et al., 1988; Khan and Abbasi. 1997b). MCAA comprises of the following main steps: i) study of the plant to identify hazardous materials, the nonlless-hazardous unit easily, thus saving the efforts and duration going to wasted in studying nonlless hazardous units. While this provision is not available in QRA and to estimate the same parameters using Dow's index andlor Mond's index it needs extra information and calculations. development of credible accident scenarios. assessment of damages likeiy to be caused in each scenario using mathematical models, and

ii) iii)

iv) delineation of the maximum credible accident scenario. The first step identifies the hazards in any process industry on the basis of properties and capacities of the chemicals and by employing different indices such as System of Hazard Identification (SYHI, 1993), Extremely Hazardous Substance (EHS 1987), and National Fire Protection Agency (NFPA) index( National Fire Protection Association, 1991). On the basis of the storage or handiing situations in the industry, different accident scenarios are generated, representing plausible accidental events. The next step - the consequence assessment step estimates the consequences of each accident scenario in terms of likely

L= ?I
ldentif icat ion of
k e s s a z n t of h a w d s

. analysis . Failure

Accident sequence effect

Accident consequence analysis

Figure 2. W' s hazard a-nt

procedure

extent of damage. Finally, based on the probability of occurrence and damage potential, the worst disaster scenario is identified. MCAA has been extensively used in risk assessment and forms the basis of QRA (quantitative risk assessment) schemes proposed and applied by Arendt (1990a,1990b), Van Sciever (1990), and Khan and Abbasi (1997b). It forms one of the key steps in any elaborate risk assessment exercise but necessitates the use of other techniques for identifying causes of hazards and estimating frequency of likely accidents. Safety analysis Safety analysis is defined as a systematic examination of structure and function of a system aiming to identify accident contributors, modelling sequence of potential accidents, esrimat~on risk, and fixing risk-redclcing measures. Safety analysis can be extenaea to of r~src analysis. Tne various steps involved ~nsafety analysis(Kafka, 1384: S~okas, 1988) are presented in Figure 3. The procedure starts with identification of hazards using HAZOP and FMEA. This is followed by identification of different accidents and their causes. FTA (fault tree analysis), ETA (event tree analysis) and CCA (cause - consequence analysis) have been recommended for this step. This logical model is later analysed for further results (frequency and loss in terms of economic and fatal). The procedure can be extended to the use in risk analysis by incorporating the consequence analysis step. Quantitative risk analysis Quantitative Risk Analysis (QRA) has been in existence for many years. Before its use in the chemical process industries (PI), it was used extensively in the nuclear industry. Unfortunately, the application of QRA in the PI is much more difficult than in the nuclear industry. This is because of the greater diversity of processes, hazardous materials. equipment types and control schemes in the PI. This diversity requires continuous addition of new capabilities in QRA(CCPS, 1989; Arendt, 1990b;1990b; Van Sciver, 1990; ICI, 1982; CMA, 1985; CCPS, 1994). A typical QRA comprises of four steps (Figure 3). 1)
2)

hazard identification, frequency estimation, consequence analysis and measure of risk.

3)
4)

The first step seeks answer to the question: what can go wrong? This is the most ~mportantstep because hazards that are not identified will not be quantified, leading to an underestimated riskvan Sciver, 1990). The techniques used for hazard identification include HAZOP studies, FMEA, 'What If Analysis, and Checklists . After the hazards are identified, the scope of a QRA is defined. The second step involves another key question how likely is occurrence of each accident?. Answering this question involves quantification of the probability of each accident scenario. FTA may be used for third purpose. The third step of consequence analysis aims to quantify the negative impacts of the likely events. The consequences are normally measured in terms of the number of fatalities, although they could also be measured in terms of number of injuries or value of

1.

I d e n t i t i c a t i o n of plant o n r a t r n g s t a g e ~:i;ii;i;n event

. Function s stem rulationszip . Sceeningn og tevent lnrtlatl

!
. Event sequence m d e l l i n g . Svstew modelling . Huun p e r f o m c e analysis
. I n i t i a t i n g events . Conwnrnt f a i l u r r data
ACCIDm SEPUXE IIODELIMG

Huun e r r o r p m b a b i l i tu

. . . . .

ACCIDMl SmUMCE PUAMIFlCIlIlON Deteruination of accident sequence Boolean reduction

H Z R O S SUBSTAKE W S E UITEGORIC ASSESSltan AAD U Outflow w d r l Evawration nodel Meather conditions Relation of plant h g e s t a t e 1 n l e l s e categoPy
COWSEQUMCE ASSESSKmI

. Dispemion models . Assessment of doses . Dose lvsponse models

IMEWLIIIIOW O RESULT F

Figure 3. Steps of probabilistic safety analysis in cherical procett industries

the property lost. The analysis of consequences in the PI is very complex due to the great variety of materials, chemical reactions, and technologies involved. Consequence analysis is the aspect of QRA that is growing most rapidly. The last step of a QRA is to calculate the actual risk. This is done by estimating the areas that are at risk, and the extent of that risk. lnspite of being lengthy (needs large time for implementation), high cost of implementation (due to the need of highly expert professionals of various discipline for longer duration), and needs sophisticated tools and data, it is the most favoured and presently most frequently used scheme for the risk analysis of chemical process industries(Lees,l996; Greenberg and Cramer, 1991; Khan and Abbasi, 1997b,c,d). Improvements in terms of reducing the duration of the implementation of various steps by screening the non-hazardous units, cutting short the time of each step (use of already developed information base) would bring down the cost of study drastically and thus make the study optimal in all respect (cost, duration and reliability of results). Probabilistic safety analysis in subsequent years Guymer et al. (1987), Popazoglou et a/. (1992), and Kafka (1991,1993), have proposed a combination of different techniques for probabilistic safety analysis (PSA) in chemical process industries. PSA provides, a framework for a systematic analysis of hazards and quantification of the corresponding risks. It also provides, a basis for supporting safety-related decision-making. The methodology and the procedures followed for the PSA of a typical chemical installation involved in handling a hazardous substance can be outlined in the following seven major steps(Popazoglou et a/., 1992) (Figure 4).
1. Hazard identification

The main potential sources of hazardous substance releases are identified and the initiating events that can cause such releases are determined.
2. Accident sequence modelling A logical model for the installation is developed. The model includes each and every ~nitiator potential accidents and the response of the installation to these initiators. of
3. Data acquisition end parameter estimation

Parameters which must be estimated include the frequencies of the initiating events, component unavailability and probabilities of human actions.
4. Accident sequence quantification

This step quantifies the accident sequences, that calculates their frequency of occurrence. In particular, the plant model built in the second step is quantified using the parameter values estimated in the third step.

5. Hazardous substance release categories assessment

2elease categories of the hazardous substance are defined in order to streamline the calculation of the consequences of the accidents and the associated frequencies.

6. Consequence assessment

Dividr the plant into various study nodes o r

Take one unit or

unit of Inforrution Ease

INFOWIIITION BASE

hdd or rrmvc causes and conse cnces.due to spCcialf(khavlor of unrt

Figure 4, o p W P study procedure

Undesirable consequences and associated probabilities are calculated for each release category. If the hazardous substance is toxic, immediate health effects can be estimated by calculation of the atmospheric dispersion of the released substance, the assessment of the dose an individual would receive at each point around the site, and by establishing a doselresponse model. 7. Integration of results Integrating the models and the associated results, developed in steps 4,5 and 6, results in the establishment of the range of possible consequences and the associated uncertainties. Beckjord et e l (1990) have reported a few applications of PSA in chemical process industries. For the same level of accuracy PSA takes about 50% more time than QRA. Moreover, the application of PSA is limited to the operational stage as because many of its steps (data acquisition and parameter estimation, and accident sequence quantification) need precise operational data, which are available only during operation.
THE PRESENT WORK

It emerges from the foregoing review that several of the existing methodologies are useful in conducting one or other aspect of risk analysis. For example; HAZOP is a powerful technique for identifying and assessing hazards qualitatively, while MCAA is widely applicable in consequence analysis. All conventional risk analysis procedures require a combination of these methodologies. As some of them such as HAZOP- are cumbersome and costly, and some other such as FMEA,FTA require extensive reliability data which might not be easy to obtain, the conventional RA procedures become tedious, costly, and prone to serious errors (when precise basic data is required but is not available).

We have tried to improve the situation modifying some of the conventional methodologies and strengthening some others in terms of enhancing their analytical and computational capabilities. These efforts have led to the following: i) ii) iii) iv) vi) vii) viii) HlRA optHAZOP TOPHAZOP PROFAT MOSEC DOMIFFECT MAXCRED

Hazard identification and ranking : HlRA HlRA (Hazard Identification and Ranking Analysis) is a technique proposed by these authors to conduct the very first step of risk analysis (hazard identification and ranking). The objective of this step is to identify the chemicals and unit operations that constitute potential hazard. HlRA is based on a multi-attribute hazard identification and ranking method and detailed elsewhere(Khan and Abbasi, 1997e). It considers hazard potential in a unit as function of material, capacity, type of unit operation, operating conditions, and surroundings (degree of conjunction, location of other hazardous units etc.). The output

of HlRA gives two indices, fire and explosion damage index (FEDI) for fire and explosion hazard, and toxic damage index (TCI) for toxic release and dispersion hazard. Qualitative hazard assessment : optHAZOP and TOPHAZOP optHAZOP The optimal and effective HAZOP (optHAZOP) signifies the application of hazard study in such a way that the duration of the study should be optimum, most of the hazards should be identified and assessed, better efficiency, good reliability of results, and the time of applicability should be such that the recommendations made by the study can be followed easily and economically(Khan and Abbasi, 19979. To fulfil the above objective a systematic procedure along with various recommendations has been developed. This procedure has been named as the optHAZOP study procedure(Khan and Abbasi, 1997f). This study procedure uses an already developed expert knowledge-base; the procedure is shown in Figure 5. This knowledge-base is a large collection of facts, rules and information regarding various components of process plant. Along with the use of knowledge it also suggests a few recommendations to reduce the time of discussion and produces effective and reliable results(Khan and Abbasi, 1997f,g). TOPHAZOP optHAZOP, described above, consists of several steps, the most crucial one requires use of a knowledge-based software tool which would significantly reduce the requirement of expert man-hours and speed up the work of the study team. TOPHAZOP (Tool for Optimizing HAZOP) has been developed to fulfil this need(Khan and Abbasi, 19979). TOPHAZOP is a knowledge-based user-friendly software for conducting HAZOP study in a comprehensive, effective, and efficient manner within a short span of time. TOPHAZOP overcomes several major limitations (time, effort, repetitious work, etc.) of the existing HAZOP procedure. The software has an in-built knowledge-base which is extensive and dynamic. It incorporates process units, and works out numerous modes of faiiure for certain input operational conditions. It drastically minimises the need of expert time. The knowledge-base has been developed in two segments: process general knowledge, and process specific knowledge. The process specific knowledge segment handles information specific to a particular process unit in a particular operation, whereas the process general knowledge segment handles general information about process unit. At present the knowledge-base incorporates information pertaining to 15 different process units including their characteristics and modes of failures. The availability of on-line help and graphical user-interface enhances its user-friendliness so that even an inexperienced professional can utilise the software with relative ease. Probabilistic hazard assessment : PROFAT Fault tree analysis involves identification of causes of an accident, frequency of occurrence of an accident, and contribution of each cause to the accident. It is a useful methodology but is besieged with the same types of limitations which we find with other methodologies such as: need of large volumes of precise data, and requirement of large expert time. We have made attempts to overcome these limitations by incorporating a combination of analytical method(Hauptmanns, 1988), and Monte-Carlo simulation technique(Rauzy,l993; Hauptmanns, 1983) with fuzzy set theory(Tanaka et al., 1983;

w
DO(YIWIAT1oN

RESULTS

Figure 5. Simplified blodr diagrar shwing win steps of different risk and safety a m n t procedures

Khan and Abbasi, 1995). A sofhvare PROFAT (Probabilistic Fault Tree Analysis) has been developed on the basis of this recipe. Consequence Analysis : MOSEC HAZDIG and DOMIFFECT Consequence analysis involves assessment of likely consequences if an accident scenario does materialise. The consequences are quantified in terms of damage radii (the radius of the area in which the damage would readily occur), damage to property (shattering of window panes, caving of buildings) and toxic effects (chroniclacute toxicity, mortality). The assessment of consequence involves a wide variety of mathematical models. For example source models are used to predict the rate of release of hazardous material, the degree of flashing, and the rate of evaporation. Models for explosions and fires are used to predict the characteristics of explosions and fires. The impact intensity models are used to predict the damage zones due to fires, explosion and toxic load. Lastly toxic gas models are used to predict human response to different levels of exposures to toxic chemicals. MOSEC A software MOSEC (Modeling and Simulation of fire and Explosion in Chemical process industries) has been developed specifically to estimate the impacts of accidents involving explosion andlor fire(Khan and Abbasi, 1997h). MOSEC comprises of state-of-the-art models to deal with : i) pool fire, ii) flash fire, iii) fire ball, iv) jet fire, v) boiling liquid expanding vapour explosion (BLEVE), vi) confined vapour cloud explosion (CVCE), vii) unconfined vapour cloud explosion (UVCE), and viii) vented explosion. The software has been developed in object-oriented programming environment using C++ as a coding tool. It has been made user-friendly by incorporating such features as graphics, on-line help, ready-to-use output format, etc. HAZDlG HAZDIG(Hazardous dispersion of gases) is a computer sofhvare specifically developed to estimate the consequences (damage potentials and risks) due to release of toxic chemicals, accidentally or voluntarily (Khan and Abbasi, 19971). The modular structure of HAZDIG (developed in object oriented environment) enables swift processing of data and computation of result. It is also easy to maintain and up-grade. HAZDIG incorporate =L models for estimating atmospheric stability(Van Ulden and Hostlag, 1985) and dispersion(Pasquil1 and Smith, 1983; Wrbink, 1993; Erbink, 1995; and Khan and Abbasi,l997j,k). The data needed to run the models is easy to obtain and feed e.g. properties of chemicals, operating conditions, ambient temperature, and a few commonly available meteorological parameters. A database containing various proportionality constants and complex empirical data has been built into the system. It is capable of handling various types of release and dispersion scenarios: two phase release fol1owe;l D) dispersion, momentum release followed by dispersion, dispersion of heavier-than-air gases, etc. The Graphics option enables the user to draw any industrial sitellayout using freehand drawing or using any already defined drawing tool. The contour drawing optlon has the facility for drawing various damagelrisk contours over the accident site. DOMIFFECT Most of the risk analysis methodologies aeal with accidents in a single industry, more so in one of the units of an industry. But it Is always possible that a major accident in one unit say an explosion or a fire can cause a secondary accident in a nearby unit which in turn

may trigger a tertiary accident(Khan and Abbasi. 19971; Pasman et al., 1992). The probability of such domino or 'cascading' effects occurrence is increasing day by day with more new industries coming up in already congested industrial areas(Khan and Abbasi, 19971). We have developed a computer automated methodology DOMIFFECT (DOMino efFECT) which enables one to know a) whether domino effects are likely to occur in a given setting, b) if they do what would be the likely accident scenarios, and c) what would be the likely impacts of the different scenarios(Khan and Abbasi, 1997m). Finally, the tool guides us towards strategies needed to prevent domino effects(Khan and Abbasi, 1997m). DOMIFFECT is menu driven and interactive, capable of the following:

+ + + +

estimation of all possible hazards from toxic release to explosion; handling of interaction among different accidental events (generation of domino or cascading accident scenarios); estimation of domino effect probability; estimation of domino effect consequences.

Rapid risk analysis : MAXCRED A total risk assessment exercise covering all steps exhaustively from beginning to end is expensive in terms of time as well as monetary and personnel inputs(Greenberg and Cramer, 1991; Khan and Abbasi, 1995; CCPS, 1989; AIChE, 1985; WHO, 1984; Suokas, 1988; Popazoglou, 1992; Pasman et al., 1992). It often becomes necessary to conduct rapid risk assessment (RRA) to draw the same conclusions that a full fledged risk assessment would lead to, albeit with lesser (yet practicable) accuracy and precision(Khan and Abbasi, 1996,1997h). We have proposed a software package, and the system of methodologies on which the package is based, for conducting RRA in chemical process industries. The package is named MAXCRED (MAXimum CREDible rapid risk assessment)(Khan and Abbasi, 1997h). The package, coded in C++, has the following attributes: i) ii) iii) it incorporates larger number of models to handle larger variety of situations useful in RRA; it includes more precise, accurate, and recent models than handled by existing commercial packages; greater user-friendliness;

iv) ability to forecast whether second or higher order accidents may occur. OPTIMAL RISK ANALYSIS (ORA) We have combined the first seven of the methodologies described above into a framework, named ORA (Optimal Risk Analysis). ORA involves four steps : i) hazard identification and screening, ii) hazard assessment (both qualitative and probabilistic), iii) quantification of hazards or consequence analysis, and iv) risk estimation. These steps of ORA and corresponding methodology to be used in each step are presented in terms of OR4 algorithm (Figure 6).

Modulerization of complete plant into manageable units

Hazard identification HlRA technique

aid to develop

' optHAZOP procedure

TOPHAZOP tool Quantitative hazard assessment/ Consequence assessment MOSEC for Fire and explosions HAZDIG for toxic release and dispersion DOMIFFECT for cascading effects

Probabilistic hazard assessment PROFAT tool

6
Risk estimation Figure 6. Simplified block diagram showing various steps with techniques andlor tool to conduct optimal risk analysis

To compare the performance of O W with the other commonly used schemes we have conducted a preliminary Delphi. Experts in safety engineering were asked to give weightages on a scale of 0-10 to eight attributes of seven well-known methodologies (Table 2). After second-round corrections and averaging the average weightage as obtained is presented in Figures 7 and 8. Of these Figure 7 compares seven of the older methodologies and Figure 8 compares QRA with O W . All-in-all ORA appears to be a head of the other seven methodologies. These findings would gain firm quantitative footing only after ORA has been extensively used by persons other than the authors. For the present we can say that ORA appears to be a virtuous scheme, with following features: a) b) it is swifter, less expensive,

c) as (or possibly more) accurate and precise. The features come to view when we consider the following:1)

Use of HlRA in ORA gives directly applicable results: damage radii(radius of the area under the probability of 50% damages due to fire and/or explosion), and the areas with high probability of lethal impacts. This makes it easy to screen various units in terms of their risk potential. Conducting HAZOP by the computer-automated tools optHAZOP and TOPHAZOP saves about 45% of the time otherwise taken by the conventional HAZOP(Khan and Abbasi, 1997f,g). Use of PROFAT (based on combination of analytical method and Monte-Carlo simulation) saves not only computational time, and overall duration of the study, but also increases the effectiveness of the results by doing the computations in fuzzy probability space. The Provision for modelling the complex problem into smaller and simpler modules further enhances the ease and speed of computation. Use of HAZDIG, MOSEC and DOMIFFECT (based on the state-of-the-art models) enables easy, fast, and reliable consequence assessment.

2)

3)

4)

DOMIFFECT enables study of the possibility and likely impacts of domino effects; without such a study no risk assessment exercise can be considered complete or 'safe'.
REFERENCES
1.

AiChE, (1985). Guidelines for hazard evaluation procedures, prepared Baffle Columbus division : AIChE, New York.

by

2.

AIChE, (1994). Dow's Fire and Explosion Index classification guide, AiChE Technical manual LC 80-29237 :AIChE, New York. Andow, P K, Lees, F P, and Murphy, C P, (1980). The propagation of faults in process plants; a state of the art reviews. Int.Chem.Eng.Sym.Ser, 58, 225. APi, (1992). Management of Process Hazards, Recommended Practice 750, American Petroleum institute, Washington D C.

3.
4.

Tabla 2 . Parameters used in the effectiveness study of various risk assessment schemes

parameters

Detailed description

Quantitative results inexpensive to execute (in terms time/data requirement) Sequence of steps optimal In some steps numerous techniques have been clustered without giving criteria of which to choose in which situation, this may lead persons not very well-versed to either waste time or bypass some crucial aspects Precision Applicability at various stage of project Covers most of the aspect of risk study Cumulative performance index of expert time/computational

- WHO

ISGRA

MCAA

SA

QRA

Lapp

PSA

Risk assessment schemes

A .

DB[Zlc L ~ O EDFBIG P ~ H D

Figure 7. Comparison of parameters for various scheme of risk assessment (legends A, B...H is defined in Table 2)

Risk assessment schemes

HA m~ C4c E ~ OE DFI D G BH
Figure 8. Comparison of effectiveness of ORA over QRA (legends A, B, H are explained In Table 2)

...

Arendt, J S, (1990a). Using quantitative risk assessment in the Reliability Engineering and system safety, 29, 133-149.

CPI,

Arendt, J S, (1990b). Management of quantitative risk assessment in chemical process industries, Plant'Operation Progress, 4,262-268. Balemans. A W M, (1974). Check-list. Loss Prevention and Safety Prornotion,l, 715. Beckjord, E S, Cunningham, M A and Murphy, J A, (1990). Probabilistic Safety Assessment Development in the United States,Reliability Engineering & System Safety, 39 (1993) 159-170. Bossche, A, (1991). Computer Aided Fault tree synthesis: system modeling and causal trees; Fault tree construction: real time fault location, Reliability Engineering and System Safety, 32, 217-241. Buck, A F, (1992). Strengthen process hazards reviews. Chemical Engineering Progress, 88(6), 90. Camarinpoulous, L and Yllera, J, (1985). An improved top-down algorithm combined with modularization as a highly efficient method for fault tree analysis. Reliability Engineering, 11 (2), 93. CCPS, (1989). Guidelines for chemical process AIChE, 32, New York. quantitative risk analysis,

CCPS, (1994). Guidelines for evaluating the characteristics for vapor cloud explosions, flash fires, and BLEVEs, AIChE, New York. CIA, (1977). A guide to hazard and operability studies chemical industries association Ltd., Tonbridge Printers Ltd., Tonbridge. CMA, (1985). Risk Analysis in the chemical industry, chemical manufacturers association, Government Institute inc., Rockville. MD. Cummings, D L, Lapp, S A, and Powers, G J, (1983). J. IEEE Transaction on Reliability, R-32, 140. Dow chemical company , (1964). Dow's Process Safety Guide, Midland. Dow chemical company, (1994a). Dow's Chemical Exposure Index, AIChE, New York. Eley, C, (1992). Compliance audit Hydrocarbon Process, 71(8), 97. checklist for hazardous chemicals,

Erbink, J J, (1993). The advanced Gaussian model STACKS, Procd. of ERCOFTAC, Work shop on Inter comparison of Advanced Practical Short range Atmospheric Dispersion Modeling, Manno, Switzerland. Erbink. J J, (1995). Turbulent diffusion model from tall stacks, Ph.D. thesis submitted to VRlJ University, The Netherlands. Extremely hazardous substances, (1987). Environment Protection Act -40CFR pafi 355, Washington DC.

Freeman, R A, (1991). Documentation of Hazards and operability studies, PlanVOperatlon Progress, 10(3), 155, July. Freeman, R A, Lee, R, and MeMarnara, T, (1992). Plan HAZOP studies with an expert system, Chemical Engineering Progress, August.

25.

Greenberg, H R, and Cramer, J J, (1991). Risk assessment and risk management for chemical process industries, Van Nostrand Reinhold, New York. Guymer, P, Kaiser, G D, and Mckelvey, T C, (1987). Probabilistic risk assessment in the CPI, Chemical Engineering Progress, January, 37-45. Hauptmanns, U, (1988).Fault tree analysis for process industries : engineering risk and hazard assessment, (Ed: Kandel and Avani), CRC Press Inc., Florida,. Hauptmanns, U and Yllera, J, (1983). Fault-tree evaluation by Monte- Carlo simulation, Chemical Engineer, 90. Henevely, E J and Kumanoto, M, (1981). Reliability engineering and risk assessment. Englwood Cliffs, New Jercy. Hessian, R T, and Rubin, J N, (1991). Check list reviews, Risk assessment and risk management for the PI, (ED: Greenberg and Creamer), Van Nostrand Reinholdm, New York. Hindu, (1997). Major fire in Vizag refinery, The Hindu publication, September 15, 1. IChemE , Risk analysis in the process industries, EFCE publication series No 45, IChemE, Rugby. ICi , (1974). Hazard and operability studies. Process Safety Report 2, London. Imperial Chemical Industries,

. Quantified Risk analysis in the process industries, The Chemical Engineer, 385, 355-367.
ILO, (1988). Major hazard control : a practical manual, IL 0 Office, Geneva. insurance Technical Bureau, (1981). IFAL Factor Workbook, London. ISGRA, (1985). Risk analysis in the process industries- an iSGRt'. PlanVOperation progress, 4(2), April, 63-67. update,

Kafka, F L, (1984). The European chemical industry's view of major hazards legislation. The 1984 European Major Hazards Conference, London. Kafka, P, (1991). Probabilistic Safety assessment: Quantitative process to balance design, manufacturing and operation for safety of plant structures and systems. Principal Division Lecture, Transactions SMiRT 7 I A Tokyo. , Kafka, P, (1993). Important issues using PSA technology for design of new system and plants, GRS mbH 85748 Garchirg, Germany. Kavianian, H R, J K and Brown, G V, (1992). Application of Hazard Evaluation Techniques to the Design of Potentially Hazardous Industrial Chemical Processes. Report. Div. of Training and Manpower Dev.. Nat. Inst. Occup. Safety and Health, Cincinnati, Ohio.

Khan, F I and Abbasi, S A, (1995). Risk analysis: a systematic method of hazard assessment and control, J of Industrial Pollution Control, 11(2), 89-98. Khan, F I, and Abbasi, S A, (1995). Analytical Simulation : a procedure to conduct FTA in chemical process industries, CPCE/RA 072/95: Pondicherry University, Pondicherry. Khan, F I, and Abbasi, S A, (1996). Simulation of accidents in a chemical process industry using software MAXCRED, Indian J of Chemical Technology, 3, 338-344. Khan, F I, and Abbasi, S A. (1997a). Mathematical model for HAZOP study time estimation, J of Loss Prevention Process Industries, 10(4), 249. Khan, F I, and Abbasi, S A, (1997b). Risk analysis of epichlohydrin manufacturing industry using new computer automated tool MAXCRED. J Loss Prevention Process Industries, 10(2), 91-100. Khan, F I, and Abbasi, S A, (1997~).Risk analysis of a cloralkali industry situated in densely populated area, Process Safety Progress, 16(3), 172-185. Khan, F I, and Abbasi, S A, (1997d). Rapid quantitative risk assessment of a petrochemical industry using a new software package MAXCRED, J of Cleaner Production (in press). Khan, F I, and Abbasi, S A, (1997e). Hazard identification and Ranking : a multiattribute technique for hazard identification, Research report CPCURA 22/97 Pondicherry University, Pondicherry. Khan, F I, and Abbasi, S A, (1997f). optHAZOP an optimal and effective procedure to conduct HAZOP study, J of Loss Prevention in Process Industry, 10(3), 191-204. Khan, F I and Abbasi, S A, (19979). TOPHAZOP: a knowledge based software tool for conducting HAZOP in a rapid, efficient yet inexpensive manner, J Loss Prevention Process Industries, (in press). Khan, F I, and Abbasi, S A, (1997h). MOSEC : Modeling and Simulation of fire and Explosion in Chemical process industries, Research report CPCE/RA 21/97, Pondicherry University, Pondicherry. Khan, F I, and Abbasi, S A, (19971). HAZDIG : Hazardous dispersion of gases, J of Loss Prevention Process Industries (communicated). Khan, F I, and Abbasi, S A, (19973). Application of the recently modified plume path theory on the dispersion of some heavy gases, Sym. of Air Quality Management at an Urban, Regional, and Global Scale, 23-26 September, Istanbul. Khan, F I, and Abbasi, S A, (1997k). Modeling and simulation of heavy gases released by petrochemical industries, 2nd International Speciality Conference on Environment Progress in the Petroleum 8 Petrochemical Industries, November 17-19, Bahrain.

Khan, F I, and Abbasi, S A, (19971). Models for domino effect analysis in chemical process industries, Process Safety Progress, (in press). Khan, F I, and Abbasi, S A, (1997m). DOMIFFECT: a user-friendly software for domino effect analysis, Environmental Modeling & Software, (Communicated). Khan, F I, and Abbasi, S A, (1997n). MAXCRED: a new software package rapid risk assessment, Environmental Modeling and Software, (in press). Klaassen, K B, and Van Pepper, J C L, (1989). System reliability concept and applications, Chapman and Hall Inc., New York. identification and Kletz, T A, (1983). HAZOP and HAZAN Notes on the assessment of hazards, The Institution of Chemical Engineers, Rugby. Kletz, T A, (1985). Eliminating potential process hazard, Chemical Engineer, 48. Knowlton, R E, (1976). Hazard and operability studies application in RLD, R&D Management, 7, 1-8. and their initial

Knowlton, R E, (1982). An introduction to hazard and operability studies, Chematics International Ltd, Vancouver, Canada. Knowlton, R E, (1989). Hazard and operability studies: approach, Chematics International Co., Vancouver. The guide word

Kolodji. 0 P, (1993). Hazard resolutions in sulfur plants form design through start up, Process Safety Progress, 12(2), 127-731. Lai, F S, Shenoi, S, and Fan, L T, (1986). Fuzzy fault tree analysis theory and applications, (Engineering risk and hazard assessment, Ed:Kandei and Avni), CRC press, Florida. Lapp, S A, (1991). A risk evaluation system, ChemTech., 700-704. Lapp, S A, Powers, G J, (1976). Chemical Engineering Progress, 72(4), 89. Lapp, S A, Powers, G J, (1979). J IEEE Transaction on Reliability, R-28, 12. Lawley, H G,(1974). Operability studies and hazard analysis, Engineering Progress. 70 (4), 45-54. Chemical

Lees, F P, (1996). Loss prevention in process industries, Buffenuorths, 1-3, London. Lewis, D J , (1979). The mond fire, explosion and toxicity index development of the Dow Index. AlChE on Loss prevention (New York).

Mallikarjunan, M M, Raghvan, K V and Pietersen, C M, (1988). An approach to Maximum Credible Accident Analysis of cluster of industries, Proceeding of Envirotech International Conference September 21-24, Bombay. Marshall, V C, (1987). Major chemical hazards, John Wiley & Sons, New York. McKelvey, C T, (1988). How to improve the effectiveness of hazard and operability analysis, IEEE Transactions on Reliability, 37(2), 167-170.

Medermid, J A, Micholson, M, Pumfrey, D J, and Fenelon, P,(1995). Experience with the application of HAZOP to computer based systems, Dept. of Computer Science, University of York, Helington. MIL. (1977). Procedure for performing a failure mode effect analysis, Dept. of Navy, Report MIL-STD-1629A Washington DC. Montague, D F, (1990). Process Risk Evaluation - what method to use ?, Reliability Engineering 8 System Safety, 29(1), 27-33. Mulvihill. R J, (1988). Design safety enhancement through the use of hazard and risk analysis, IEEE Transactions on Reliability., 37(2), 149-153. National Fire Protection Association, (1991). Hazardous chemical data, NFPA code-325M, New Jercy. O'Mara, R, (1991). Calculation of human reliability, Risk assessment and risk management for the CPI, (ED: Greenberg and Creamer) : Van Nostrand, New York. Oyeleye, 0 0 , and Kramer, M A, (1988). Qualitative simulation of chemical process system : steady state analysis, AlChE Journal, 34(9), 1441. Ozog, H, and Stickles, R P, (1991). Process hazard management documents. practice compared, Oil and Gas Journal, January, 81-90. Parmer, J C, and Lees, F P, (1987). The propagation of faults in Process plants : Hazard identification, Reliability Engg., 7, 277 & 303. Pasman, H J, Duxbury, H A, and Bjordal, E M, (1992). Major hazards in the process industries. Achievements and challenges in loss prevention, Journal of hazardous materials, 30, 1-38. Pasquill, F, and Smith, F B, (1983). John whiley, New York. Atmospheric diffusion, (third edition),

Piccinini, M, and Levy, G, (1984). Ethylene oxide reaction; safety according to operability analysis; Canadian J. of Chemical Engineering, 62, 547. Popazoglou, I A, Nivoliantiou, A 0, and Christou, M, (1992). Probabilistic safety analysis in chemical installation, J Loss Prevention Process Industries, 5(3), 181-191 . Pully, A S, (1993). Utilization and results of Hazard and operabii~ty studies in a petroleum refinery, Process Safety Progress, 12(2), 106-110. Rauzy, A, (1993). New algorithms for fault tree analysis, System Safety, 40, 203-21 1. Reliability Engg. and

Rose, J C, Wells, G L, and Yeats, B H, (1978). A guide to project procedure, Institution of Chemical Engineers, London. Schemer, N E, (1994). Improved fire and explosion classification, Process Safety Progress, i3(4), 214-2 18. index hazard

Shafagi, A and Cook, B F, (1988).Application of a hazard and operability study to hazard evaluation of an absorption heat pump,lEEE Transactions on 65. Reliability, 37(2),161-1 Sherrod, R M, and Early, W F, (1991). Hazard and operability studies, (Risk assessment and management in PI, (Ed: Greenberg and Creamer) ,Van Nostrand Reinhold, New York. Singh, J, and Munday, G , (1979). IFAL: a model for the evaluation of chemical process losses. Design 79 :lnstn Chem. Engrs, London. Suokas, J, (1988).The role of safety analysis in accident prevention, Accident 67-85. Analysis & Prevention, 20(1), Sweeny, J C, (1993). ARC0 Chemical's HAZOP experience, Process Safety Progress, 12(2),83-90, SYHI, (1993). Chemical ranking for potential health and environmental impacts, Environment Protection Act CR-816735, Washington. D C. Tanaka, H, Fan, L T, Lai, F S, and Toguchi, K, (1983). Fault tree analysis by Fuzzy probability, IEEE Transactions on Reliability, R-32/51, 453-456. Tyler, 8 J, (1982). Using the Mond index to measure inherent hazards, PlanVOperation Progress, 4,172. Tyler, B J, Thomas, A R, Doran, P, and Grieg, T R, (1994). toxicity hazard index, A Hazards, XIII, 351. Ulerich, N, (1988).'On-Line Hazard Aversion and Fault-Diagnosis in Chemical Processes: The Digraph+Fault-tree Method', IEEE Transaction on Reliability, 37(2), 171. Van Ulden. A P and Hostlag, A A, (1985). Estimation of atmospheric boundary layer parameters for diffusion application, Journal of Climate and Applied Meteorology, 24,1196. Van Sciver, G R, (1990). Quantitative risk analysis in the chemical process industries, Reliability Engg & System Safety,29, 55-68. Venkatasubramanian, V, and Vaidyanathan, R, (1994).A knowledge frame work for automating HAZOP analysis, AlChE Journal, 40(3). based

Whitehouse, H 8,(1985). IFAL a new risk analysis tool. The assessment and control of Major hazards : lnstn Chem. Engrs, Rugby, 309. WHO, (1984).Major Hazard Control : A practical manual, International Labor Office, Geneva. Yllera, J, (1988). Modularization methods for evaluating fault tree of complex technical system, (Engineering risk and hazard assessment, Ed:Kandei and Avnij, CRC Press Inc, Florida. Zoller, L and Esping, J P , (1993).Use 'What if method for process hazard analysis. Hydrocarbon Processing, 72(1).132.